Author Topic: Windows 7 Wireless Profiles  (Read 5502 times)
lorddicranius
« on: July 26, 2011, 02:20:25 PM »

So when you view a wireless profile in Windows 7, the only indicator for it to connect to an AP is by the ESSID.  Is there another location that stores more info (e.g. BSSID)?  I'm trying to figure out why a device would keep connecting to a specific AP, even though it has a lower signal strength than another AP with the same ESSID.

**UPDATE**
I found this SANS paper: Wireless Networks and the Windows Registry - Just where has your computer been?  On page 12 I found that the AP's MAC is stored in a specific registry entry along with other AP settings.

My questions now are: does the Windows network manager reference these entries when connecting to SSID's?  Does it cross-check the MAC addresses found in these entries when connecting?  If so, this would explain the issue.  If not, I'm not really sure what other perspective to look at this issue from...
« Last Edit: July 26, 2011, 03:02:50 PM by lorddicranius »

GSEC, eCPPT, Sec+
WCNA
« Reply #1 on: July 27, 2011, 10:29:44 AM »

This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

http://www.securitytube.net/video/1780

I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's? "..........yes

"Does it cross-check the MAC addresses found in these entries when connecting?"...........yes.

My guess is that the reason a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is that its MAC is in the Preferred Network List... although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.

ISC2 Associate, WCNA, CWNA, OSCP, Network+
lorddicranius
« Reply #2 on: July 27, 2011, 12:53:43 PM »

Quote
This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

I learned about the issue of automatically connecting wifi devices from that very video!  My company prefers ease-of-use over security though (seems to be a common complaint from the security-minded folks).  It'll take an incident happening before a policy to "disable automatically connecting to AP's" is implemented.

Quote
I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's? "..........yes

"Does it cross-check the MAC addresses found in these entries when connecting?"...........yes.

My guess is that the reason a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is that its MAC is in the Preferred Network List.....

My thoughts exactly, but I wasn't sure because of...

Quote
.....although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.

...this.  I was also under the impression that wifi devices would switch automatically once some threshold is met, but I don't know what this threshold is.  Losing signal completely...or once it gets to <10% signal strength...?  I was curious about this also.

For my purpose, these laptops are stationary in their respective offices for the most part, so I don't have to worry about them roaming very often (would love a wireless controller to cover this just in case, but need $$ for that haha).  We had one AP fail and all of the laptops switched over to this other AP with a lower signal strength.  I have the new AP in place, but had laptops still connecting to the old WAP.  This was resolved by blowing away the wireless profile and recreating a new one when connecting to the ESSID with the stronger signal.

Thanks for the input, WCNA.  Let us know when those securitytube t-shirts are out! :)

GSEC, eCPPT, Sec+
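
As an added example (not code from either poster), here is one way to audit the auto-connect profiles discussed above before a "disable automatically connecting" policy exists. It parses WLAN profile XML in the layout written by `netsh wlan export profile`; the sample profiles and SSIDs are constructed, and the three-level risk rating is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def make_profile(ssid, mode, auth, enc):
    """Build a constructed sample in the exported-profile XML layout."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

# Constructed samples (hypothetical SSIDs, not from the thread).
SAMPLES = [
    make_profile("OfficeWLAN", "auto", "WPA2PSK", "AES"),
    make_profile("CoffeeShopFree", "auto", "open", "none"),
    make_profile("HomeNet", "manual", "WPA2PSK", "AES"),
]

def _text(root, path, default):
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else default

def audit_profile(xml_text):
    """Return name, SSID, connection mode, auth and a risk rating."""
    root = ET.fromstring(xml_text)
    mode = _text(root, "w:connectionMode", "unspecified").lower()
    auth = _text(root, "w:MSM/w:security/w:authEncryption/w:authentication", "unknown")
    if mode != "auto":
        risk = "ok"        # the user has to start the connection
    elif auth.lower() == "open":
        risk = "high"      # joins automatically, network is not authenticated
    else:
        risk = "review"    # automatic, but the AP must know the shared key
    return {"profile": _text(root, "w:name", "?"),
            "ssid": _text(root, "w:SSIDConfig/w:SSID/w:name", "?"),
            "mode": mode, "auth": auth, "risk": risk}

def audit_all(profiles):
    """Audit every profile and list the riskiest first."""
    order = {"high": 0, "review": 1, "ok": 2}
    return sorted((audit_profile(p) for p in profiles), key=lambda r: order[r["risk"]])

if __name__ == "__main__":
    for r in audit_all(SAMPLES):
        print(f'{r["risk"]:6} {r["ssid"]:15} mode={r["mode"]} auth={r["auth"]}')
```

A flagged profile can be switched with `netsh wlan set profileparameter name="<profile>" connectionmode=manual`. Note that the exported profile names the network by SSID only, which matches what the original post saw in the profile view.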
WCNA
« Reply #3 on: July 28, 2011, 12:00:37 PM »

Quote
"....I don't know what this threshold is"

Nor will you. The roaming algorithm is proprietary, that's why it's recommended that you don't mix and match vendors. RSSI is key in their algorithms but they might also use SNR, error rates and retransmissions. Proper cell overlap is key, as too much or too little hurts roaming, hence the Goldilocks approach: just right.

Quote
(would love a wireless controller to cover this just in case, but need $$ for that haha)
Check out UBNT's Unifi solution. Much cheaper than you think.

Quote
Let us know when those securitytube t-shirts are out!

I imagine Vivek is really busy prepping for his talks at Blackhat and Defcon Workshops and hasn't gotten around to finishing what needs to be done. The store has been ready for a while, I finished it a couple weeks ago. I don't know if you can actually order from it or not yet but it's at www.printfection.com/SecurityTube

ISC2 Associate, WCNA, CWNA, OSCP, Network+